Layerbb · Layerbb · CVE-2021-47954
**Name of the Vulnerable Software and Affected Versions**
LayerBB version 1.1.4
**Description**
A SQL injection vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code. The attacker sends POST requests to the `/search.php` endpoint with malicious values in the `search query` parameter, using CASE WHEN statements to extract sensitive database information.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
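
Until a fixed release is identified, POST requests to `/search.php` that carry CASE WHEN syntax can be flagged at a reverse proxy or in captured request logs. The following is an added example, not LayerBB code and not part of the original advisory; the sample requests are constructed, and the form field name is used as written in the description above (the check inspects every field regardless of name).

```python
import re
from urllib.parse import parse_qsl, unquote, urlencode

SEARCH_PATH = "/search.php"  # endpoint named in the advisory

# CASE WHEN ... THEN ... END is SQL syntax with no place in a forum search term.
CASE_WHEN = re.compile(r"\bcase\s+when\b.+?\bthen\b.+?\bend\b", re.S)
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def normalize(value: str) -> str:
    """Undo common keyword-splitting tricks before matching."""
    value = unquote(value)                  # one extra pass for double URL-encoding
    value = SQL_COMMENT.sub(" ", value)     # inline comments used in place of spaces
    value = re.sub(r"\s+", " ", value)      # tabs, newlines, repeated blanks
    return value.lower()


def suspicious_fields(method: str, path: str, body: str) -> list[str]:
    """Return the form fields of a POST to /search.php that contain CASE WHEN SQL."""
    if method.upper() != "POST" or path.split("?", 1)[0] != SEARCH_PATH:
        return []
    hits = []
    # parse_qsl performs the first round of URL decoding (%xx and '+').
    for name, value in parse_qsl(body, keep_blank_values=True):
        if CASE_WHEN.search(normalize(value)):
            hits.append(name)
    return hits


# Constructed sample requests: (method, path, urlencoded body).
SAMPLES = [
    ("POST", "/search.php", urlencode({"search query": "how to install a theme"})),
    ("POST", "/search.php", urlencode({"search query": "in case when upgrading fails"})),
    ("POST", "/search.php", urlencode({"search query": "cAsE/**/WhEn 1=1\tTHEN 1 ELSE 0 eNd"})),
    ("GET", "/index.php", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        hits = suspicious_fields(method, path, body)
        print(method, path, "ALERT " + repr(hits) if hits else "ok")
```

The pattern requires the full `CASE WHEN ... THEN ... END` shape, so an ordinary search phrase that happens to contain "case when" is not flagged. A match is a signal for review or blocking, not a substitute for a parameterized query in the application.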